WADIFF Consulting
Turning compliance requirements into ways to improve a Business | ISO27001 | Information and Cyber Security | GDPR | Data Governance
2019 was the year when we worked in more business sectors to help with Information and Cyber Security and data protection requirements. ISO27001 Helped 3 SMEs get ISO27001 certification Worked with 4 organisations on their ISO27001 Surveillance programmes. This included updating of risk assessments, doing internal audits and running desktop tests of business continuity plans… Read More
Several companies have made claims similar to “EU companies required to appoint UK Representative if there is a NO DEAL Brexit”. The headlines are wrong. I checked the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 and with the ICO. EU companies MAY need to appoint a UK representative, but if… Read More
The majority of offices use CCTV as part of their security measures to protect the perimeter of buildings and/or to monitor restricted areas. There is nothing wrong in doing this providing a legal basis for processing the personal data (images) is established, you tell people what it is used for and meet any requirements laid… Read More
The GDPR refers to large scale processing several times. Questions about what is meant by this come up on a regular basis. We have produced a short video with details on factors to consider, examples of large scale processing and examples of what isn’t large scale processing. Get in touch if you need help with… Read More
Meeting the General Data Protection Regulation (GDPR) requirements isn’t a one-off ‘set and forget’ activity. Ongoing work is needed to ensure the requirements continue to met, this is covered by the Accountability principle in Article 5. It states that the controller “shall be responsible for, and be able to demonstrate compliance with, paragraph 1”; and… Read More
The CNIL (the French Data Protection Authority) received 742 notifications of personal data breaches (and see the original report in French) that affected over 33 million individuals located in France or elsewhere. 695 related to confidentiality breaches. The accommodation and food services sector had the highest number of breaches – 185. This is due to a specific case… Read More
IAPP has published details about the number of complaints received by different data protection authorities (DPAs) in the first month after the GDPR started to be enforced. It isn’t a full picture as there are no details from Croatia, Cyprus, Finland, Germany, Greece, Hungary, Italy, Latvia, Lithuania, Luxembourg, Poland, Portugal and Spain. The accuracy and consistency of… Read More
One of the early stages to prepare for the General Data Protection Regulation (GDPR) is identifying the Personal Data you process; this blog provides a framework to build a Personal Data Inventory. An inventory is not a requirement of the GDPR, but it is a good way to build up a picture of the personal… Read More
Legitimate interests (LI) is one of the lawful basis for processing personal data. The ICO say it is appropriate “where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”. The three parts to the test to identify a LI have been… Read More
Details of documentation requirements for Accountability and Governance under the GDPR and Data Protection Bill are on the ICO website. A mind map has been created to act as a quick reference. Click on the image to view the full-size mind map. You can use the Checklist on the ICO website page to track what… Read More
